About change client version ?

[k9hunter]

First ,sory about my bad English :glare:
I know some clients can conect to the later PT'sever file in forum :laugh:, but i wanna use some other clients for my PT offline sever :. I have already change the ports of the client but i can't use it because of the version of the client .When i try to log in to my sever it reported:" wrong version".
Example : my sever version is 4156 but my client is 6613 .Is it possible to change client version ?

 

[SunnyZ]

Just open up your servers hotuk.ini file
Find the line

*VERSION

Either delete the line or put // in front of it so it looks like

//*VERSION

This will disable the client version check.

Or add in the client version number ie

*VERSION 6613

This will make it so only client version 6613 will be able to connect to your server.

 

[k9hunter]

Thank man but it's not what i mean ,i know how to use hotuk file but i want to change version inside the client by using ollydbg , is't possible?

 

[SunnyZ]

http://forum.ragezone.com/f562/guide-modify-version-client-682887/ should help you

 

[k9hunter]

so it's possible , thank man ...........

oh and thank to Harsaphes and bobsobol for they helpful post :w00t:

 

[bobsobol]

http://forum.ragezone.com/f562/guide-modify-version-client-682887/ should help you

Sorry SunnyZ, that guide tells you how to change the checksum file associated with a client version. Not how to change the version number the client reports.

The Hotuk.ini is the only thing (aside from that checksum which you can just delete and the server will recreate one which does match) which produces the "version doesn't match" message. So if you want to fix that message, and don't mean in hotuk.ini, (or deleting the checksum file) then when you've done that you can change which side of the road you drive a car on without moving the steering wheel. (or changing any laws)

If you want to know how to change the version number reported to the server, or the users, or both, I can write a guide on doing that. But that won't make any difference to server connectivity if you already know how to modify hotuk and port.

 

[k9hunter]

Sorry SunnyZ, that guide tells you how to change the checksum file associated with a client version. Not how to change the version number the client reports.

The Hotuk.ini is the only thing (aside from that checksum which you can just delete and the server will recreate one which does match) which produces the "version doesn't match" message. So if you want to fix that message, and don't mean in hotuk.ini, (or deleting the checksum file) then when you've done that you can change which side of the road you drive a car on without moving the steering wheel. (or changing any laws)

If you want to know how to change the version number reported to the server, or the users, or both, I can write a guide on doing that. But that won't make any difference to server connectivity if you already know how to modify hotuk and port.

That's what I was looking for , please write it ,i did some research yesterday and i can change only the number of version appear on the screen ,the version number reported to the serve is something else ,it more difficult ,if you guide me you would be my savior tt:

 

[bobsobol]

Yea, it is, and it isn't.

The trick is the change the number passed to wsprintf(). There are two possible paths, one for beta versions (less than 1000) and one for release versions (greater, or equal to 1000). Before the selection, a constant is moved into local memory. Change the constant, and all will be good.

As soon as I get time, I will write up a proper guide for you, but if you are still inquisitive, this should give you a good head start.

 

[Vormav]

I don't get problem here.

Version is written in this format: %d.%d.%d

...so lets say we would like to change version of client 1.98.9.
We need to find 1989 as HEX 7C5 (looking for C5 07 ofc).

here is how this client display version:

1989 / 1000 = 1
1989 / 10 % 100 = 98 ("%" is a "Mod" button on windows calculator)
1989 % 10 = 9

Other clients could display version in bit different way but I think rule for finding version will be similar.

You could even change string "%s%d.%d.%d" to "your version" and nop push'ed parameters.

 

[k9hunter]

I don't get problem here.

Version is written in this format: %d.%d.%d

...so lets say we would like to change version of client 1.98.9.
We need to find 1989 as HEX 7C5 (looking for C5 07 ofc).

here is how this client display version:

1989 / 1000 = 1
1989 / 10 % 100 = 98 ("%" is a "Mod" button on windows calculator)
1989 % 10 = 9

Other clients could display version in bit different way but I think rule for finding version will be similar.

You could even change string "%s%d.%d.%d" to "your version" and nop push'ed parameters.

Yes this is not the problem :laugh:, I did try it but this is only to screen parameters .
Example, my client version is 3104 ( the number i see on the screen ) and my sever version is 6614 ,i change the number of version appear on the screen to 6614 but still can't connect to my sever .
So the problem here is:" how can i edit client version number reported to the sever( not the number appear on the screen) ?"

 

[Vormav]

Than all you have to do is disable or update version checksum.
Function that check sum for client version look like this:

0055CCE0 /$ 8B0D 50D77000 MOV ECX,DWORD PTR DS:[70D750]
0055CCE6 |. 8BC1 MOV EAX,ECX
0055CCE8 |. F7D8 NEG EAX
0055CCEA |. D1E0 SHL EAX,1
0055CCEC |. 3D 76F0FFFF CMP EAX,-0F8A
0055CCF1 |. 75 09 JNZ SHORT game_NO_.0055CCFC
0055CCF3 |. 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+4]
0055CCF7 |. 3B48 0C CMP ECX,DWORD PTR DS:[EAX+C]
0055CCFA |. 7D 10 JGE SHORT game_NO_.0055CD0C
0055CCFC |> 6A 01 PUSH 1
0055CCFE |. E8 6D81FBFF CALL game_NO_.00514E70
0055CD03 |. 83C4 04 ADD ESP,4
0055CD06 |. B8 01000000 MOV EAX,1
0055CD0B |. C3 RETN
0055CD0C |> 8B48 08 MOV ECX,DWORD PTR DS:[EAX+8]
0055CD0F |. 85C9 TEST ECX,ECX
0055CD11 |. 7E 10 JLE SHORT game_NO_.0055CD23
0055CD13 |. 6A 02 PUSH 2
0055CD15 |. E8 5681FBFF CALL game_NO_.00514E70
0055CD1A |. 83C4 04 ADD ESP,4
0055CD1D |. B8 01000000 MOV EAX,1
0055CD22 |. C3 RETN
0055CD23 |> 6A 00 PUSH 0
0055CD25 |. E8 4681FBFF CALL game_NO_.00514E70
0055CD2A |. 83C4 04 ADD ESP,4
0055CD2D |. B8 01000000 MOV EAX,1
0055CD32 \. C3 RETN

Blue - address of version.
Red - checksum of version.

In your case (version 6614) checksum will be: -33AC (FFFFCC54), olly ASM 0FFFFCC54
So change value stored in blue and update red.

PS. Function taken from version 1.98.9.
PS2. I think that there are other checks but this is enough to let you login and Version is not type of check you would depend on when comes to security.

 

[k9hunter]

Thank alot man , but how can you change 6614 in to -33AC

 

[Vormav]

6614 * (-2) = -13228 dec = FFFFFFFFFFFFCC54 hex

With value FFFFFFFFFFFFCC54 on windows calculator press ± to get 33AC, and because it's negative value (FFFFFFFF) you are adding - in front.

 

[k9hunter]

: it's still too difficult for me ,...
i find checksum in clent and change :C0E7FFFF CMP EAX,-1840 into 54CCFFFF CMP EAX,-33AC

and still can't connect

005565B0  /$ 8B0D 20D36E00  MOV ECX,DWORD PTR DS:[6ED320]
005565B6  |. 8BC1           MOV EAX,ECX
005565B8  |. F7D8           NEG EAX
005565BA  |. D1E0           SHL EAX,1
005565BC  |. 3D C0E7FFFF    CMP EAX,-1840
005565C1  |. 75 09          JNZ SHORT LivingPT.005565CC
005565C3  |. 8B4424 04      MOV EAX,DWORD PTR SS:[ESP+4]
005565C7  |. 3B48 0C        CMP ECX,DWORD PTR DS:[EAX+C]
005565CA  |. 7D 10          JGE SHORT LivingPT.005565DC
005565CC  |> 6A 01          PUSH 1
005565CE  |. E8 DD82FBFF    CALL LivingPT.0050E8B0
005565D3  |. 83C4 04        ADD ESP,4
005565D6  |. B8 01000000    MOV EAX,1
005565DB  |. C3             RETN
005565DC  |> 8B48 08        MOV ECX,DWORD PTR DS:[EAX+8]
005565DF  |. 85C9           TEST ECX,ECX
005565E1  |. 7E 10          JLE SHORT LivingPT.005565F3
005565E3  |. 6A 02          PUSH 2
005565E5  |. E8 C682FBFF    CALL LivingPT.0050E8B0
005565EA  |. 83C4 04        ADD ESP,4
005565ED  |. B8 01000000    MOV EAX,1
005565F2  |. C3             RETN
005565F3  |> 6A 00          PUSH 0
005565F5  |. E8 B682FBFF    CALL LivingPT.0050E8B0
005565FA  |. 83C4 04        ADD ESP,4
005565FD  |. B8 01000000    MOV EAX,1

This is the client i wanna edit and use for my sever, because of some personal problems I can only upload txt file

You must be registered to see links

 

[Vormav]

Your client have .txt extension <_< and it look like it's damaged.
As I said in previous post, you need to change version and checksum.

Go to 6ED320 address and change "20 0C" to "D6 19". I thought that you know how to change version since you said that you don't have any problem with it.
​

 

[k9hunter]

Now you mention it .I remember that I have edited it .
But now.....let's see ..
1> This is first time i search for it 006ED320

006ED320   200C00           AND BYTE PTR DS:[EAX+EAX],CL
006ED323   00A7 00000001    ADD BYTE PTR DS:[EDI+1000000],AH

2> and when i edit it

006ED320   61               POPAD
006ED321   D900             FLD DWORD PTR DS:[EAX]

3. and after i edit it

006ED31A   6E               OUTS DX,BYTE PTR ES:[EDI]                ; I/O command
006ED31B   0046 00          ADD BYTE PTR DS:[ESI],AL
006ED31E   6E               OUTS DX,BYTE PTR ES:[EDI]                ; I/O command
006ED31F   00D6             ADD DH,DL
006ED321   1900             SBB DWORD PTR DS:[EAX],EAX
006ED323   00A7 00000001    ADD BYTE PTR DS:[EDI+1000000],AH
006ED329   0000             ADD BYTE PTR DS:[EAX],AL

:huh::huh::huh::huh:
It's look like the values ​​change when i pointed at them , and after edit the values change again .
When i search ,the address 006ED320 appears but then it disappears

 

[Vormav]

- go to

6ED320
​

- right click it​

- press Follow in Dump > Selection
- select "20 0C" and press space
- change it to "D6 19"
- save changes​

 

[bobsobol]

Client.rar contains partial disassembly, PT1.rar contains virus. (possible false positive)

 

[k9hunter]

it work , thank you Vormav tt: oh and bobsobol to .

oh and how to remove Attached Files , i can't find it ?

 

[bobsobol]

Small cross over the icon for the attachment at the bottom in the "manage attachments" popup.